Abstract: In one embodiment, a system for managing a virtualization environment includes a plurality of host machines, wherein each of the host machines comprises a hypervisor and one or more user virtual machines (user VMs), and a virtual machine controller, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines. The VFS may be configured to receive a request for storage system information from a user and generate and send a response to the request, wherein the response is customized according to configuration information of the VFS that is specific to the user. The storage system information requested may include a total size of storage available to the user, and the user may have an associated storage quota limit.

Abstract: Examples described herein include virtualized environments including a virtualized file server. Examples of secure domain join processes are described which may facilitate joining a virtualized file server or portions thereof to a domain. In some examples, the secure domain join process itself, and/or an associated file server virtual machine, may have insufficient credentials to write objects into an active directory. The active directory credentials need not be shared with the file server virtual machine. Rather, in some examples, the secure domain join process may provide a user system with a list of actions to be performed using active directory credentials.

Abstract: An illustrative embodiment disclosed herein is an apparatus including a processor having programmed instructions to determine that a first packet, received from a first VM on a first host, has a destination address associated with a second VM on the first host, send the first packet to a service-focused bridge, generate a rule to redirect the first packet to the second VM based on the destination address, and generate execute the rule in response to receiving the first packet from the service-focused bridge.

Abstract: One embodiment of the present invention provides a system that can manage access to a service from a cluster of computing nodes. An instance of the system can operate on a respective computing node. During operation, the system instance can identify an Internet Protocol (IP) address, which provides access to the service from the cluster of computing nodes to a client device at a client site. The system instance can select the computing node for hosting the IP address in the cluster of computing nodes based on a set of selection criteria. The selection is performed independently at the computing node. The system instance can then assign the IP address to the computing node. The assignment allows a request for the service to be directed to the computing node. Subsequently, the system instance can facilitate the service from the cluster of computing nodes based on the request.

Abstract: Systems and methods for policy-based apportionment of input/output operations (IOPS) in computing systems. Embodiments access a policy that specifies IOPS limits. Two or more virtual machines that are associated with the policy and two or more nodes that host those virtual machines are identified. In a first allocation stage, an inter-node policy manager prescribes an initial IOPS limit to the two or more nodes. The allocation amounts sent to the nodes depend at least in part on performance capabilities of respective nodes. In a second allocation stage, for each node that had received a limit amount, that amount is apportioned to the sets of virtual machines that execute on respective host nodes. Each node of the two or more nodes invokes its own node-local IOPS monitoring. Each node reports IOPS usage data to the inter-node policy manager, which in turn adjusts the node-level IOPS apportionments based on the node-level usage.

Abstract: Examples of systems are described herein which may dynamically allocate compute resources to recovery dusters. Accordingly, a recovery site may utilize fewer compute resources in maintaining recovery clusters for multiple associate clusters, while ensuring that, during use, compute resources are allocated to a particular cluster. This may reduce and/or avoid vulnerabilities arising from a use of shared resources in a virtualized and/or cloud environment.

Abstract: A method and system for managing communication connections in a virtualization environment implemented by a cluster of host machines, each of the host machines comprises a hypervisor, at least one user virtual machine (UVM), a connection manager, and an I/O controller. The system includes a virtual disk accessible by all of the I/O controllers and comprising a plurality of storage devices. The system includes a first host machine of the host machines designated as a leader node, wherein the leader node configured to confirm a second one of the host machines is unreachable; and transmit, in response to the confirmation, an update message to other host machines in the cluster. The update message identifies the unreachable host machine and causes the other host machines to block messages from the unreachable host machine and send an acknowledgement of the update message back to the leader node.

Abstract: Systems for restarting a virtual machine in a disaster recovery scenario where a network configuration differs between the failed system and the recovery system. A method commences upon identifying a disaster recovery plan for restarting a virtual machine from a first system on a second system (e.g., a recovery system). A configuration for providing network access at the second system through an adapter present in the second system is stored at a location accessible to the second system. Restarting the virtual machine at the second system upon detection of a failure event at the first system.

Abstract: A system and method receiving a request to transfer first data from a first storage space to a second storage space, receiving a write request to write second data to a location during the transfer of the first data, determining from an access data structure that the location is not in use, writing the second data to the second storage space, and updating a location data structure indicating the location of the second data to be in the second storage space.

Abstract: A virtualized file server (VFS) may include a plurality of file server virtual machines (FSVMs) that cooperatively manage a distributed file share of storage items. A data protocol server implemented by a first FSVM is configured to provide communication between a user device and the VFS responsive to a request from the user device to connect to the VFS. A common layer implemented by the first FSVM includes information management metadata for authorized users of the VFS. A web proxy at the first FSVM presents a user access list of storage items to the user device, where the user access list is based on user information received with the request from the user device to connect to the VFS.

Abstract: Systems and methods for storage resource and computation resource expansion. A method embodiment includes migrating a computing task from an external computing environment to a different computing/storage environment. The method commences by identifying a storage system having virtualized controllers and by identifying a computing device that performs a workload that interfaces with the storage system. The virtualized controllers execute in the second computing environment to manage access to storage target devices by accessing a storage target device identified by an IP address. A particular virtualized controller that is connected to the storage target device is selected and configured to process storage I/O from a migrated workload. A user virtual machine or user executable container is configured to execute the workload on one of the nodes in the computing and storage system within the second computing environment.

Abstract: Communication between VMs running in a clustered virtualization environment and a distributed storage system is managed. The distributed storage system consists of multiple storage/compute nodes. A hypervisor communicates with a controller in a local node on behalf of a VM. The controller will redirect a connection to a second controller on different node. The controller to which the connection is redirected is selected so as to distribute the load evenly across the cluster.

Abstract: In some aspects, a non-transitory computer-readable storage medium having computer-executable instructions stored thereon that, upon execution by a processor, causes the processor to receive an indicator of a functionality; map the indicator to a first service and a second service dependent on the first service; identify a policy based on the first service and the second service; and determine, based on the policy, locations of deployment for the first service and the second service.

Abstract: Systems and methods for throttling logging processes in presence of system resource contention. Logging processes that contend with non-logging processes for resources can sometimes be throttled to more equitably share system resources. A method embodiment commences by establishing a set of throttling rules that are to be observed by the logging processes running on the system. While logging processes and non-logging processes are running, a monitor records system resource usage and other system conditions. When a process manager determines that the resources consumed by the combination of the logging processes and the non-logging processes exceed a threshold, then any currently-applicable throttling rules fire so as to prescribe throttling levels.

Abstract: A method and product for implementing application consistent snapshots of a sharded relational database across multiple storage arrays using a distributed and federated protection domains model across two or more storage clusters.

Abstract: A system and method can include requesting, by a network agent in a virtual machine in a hypervisor-attached infrastructure, a first identifier of a first resource device. The method can include comparing the first identifier to a plurality of known identifiers. The method can include determining a first location of the first resource device in response to matching the first identifier to one of the plurality of known identifiers. The method can include requesting a second identifier of a second resource device. The method can include determining a second location of the second resource device in response to the second identifier being different from each of the plurality of known identifiers. The second location can be different than the first location.

Abstract: A request to create a set of security policies for an application is received at a graphical user interface. Information identifying a set of source VMs, a set of destination VMs, and a set of target VMs also are received, wherein the target VMs are executing the application and are supported by (a) node(s) in a clustered virtualization environment. A set of inbound rules identifying (a) category(ies) of source VMs permitted to initiate connections with a subset of target VMs and a set of outbound rules identifying (a) category(ies) of destination VMs to which the subset of target VMs are permitted to initiate connections are received at the graphical user interface. Upon receiving a request to apply the security policies, the policies are configured based at least in part on the inbound and outbound rules and a visual representation of the security policies is presented in the graphical user interface.

Abstract: A computer implemented method implemented with a processor for assigning a unique identifier for a data item initially deployed at a cluster of a networked environment that includes determining a unique cluster identifier for the cluster of the networked environment, atomically modifying a local counter value at the cluster of the networked environment and appending the unique cluster identifier to the atomically modified local counter value at the cluster of the networked environment to form a unique ID for the data item.

Abstract: A device executing an application in a distributed system may transmit a query for capabilities of one or more components in the distributed system to a capability service and receive a response. Based on the response, the device may determine whether a first capability criteria that is based on a first version of the application is met. If the first capability criteria is met, the device may execute the first version of the application. If the first capability is not met: the device may transmit a subscription request to subscribe to one or more particular capabilities; and optionally may determine a second version of the application for which a second capability criteria is met and execute the second version until receiving a notification to the subscription. The capability service may have a capability store that is updated upon a capability change in the one or more components in the system.